GitHub 更換 github.com 的 SSH host key (RSA 部份)
source link: https://blog.gslin.org/archives/2023/03/24/11112/github-%e6%9b%b4%e6%8f%9b-github-com-%e7%9a%84-ssh-host-key-rsa-%e9%83%a8%e4%bb%bd/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
GitHub 更換 github.com 的 SSH host key (RSA 部份)
看到 GitHub 宣佈更換 SSH key (RSA 的部份):「We updated our RSA SSH host key」。
在 Hacker News 上的「We updated our RSA SSH host key (github.blog)」這邊有人提到官方文件 (原文裡面也有提到),裡面會列出對應的 key:「GitHub's SSH key fingerprints」。
只是看起來這些大公司依然對 DNSSEC + SSHFP 這樣的組合沒興趣...
Related
OpenSSH 8.4 預設停用 ssh-rsa
前幾天 OpenSSH 8.4 釋出了:「Announce: OpenSSH 8.4 released」。 比較重要的改變是 ssh-rsa 預設變成停用,因為是使用 SHA-1 演算法的關係: It is now possible[1] to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm by default in a near-future release. 官方給了三個方案: The RFC8332…
October 3, 2020In "Computer"
GitHub 要求全面檢查 SSH Key
在 GitHub 被攻擊成功後 (參考 GitHub 官方所說的「Public Key Security Vulnerability and Mitigation」這篇),官方除了把漏洞修補完以外,接下來做了更積極的措施:暫停所有的 SSH key 存取權限,一律等到用戶 audit 確認過後才開放:「SSH Key Audit」。 這次 GitHub 除了修正問題、audit key 以外,另外還提出了新的機制讓用戶更容易發現異常存取行為,包括了: 新增 SSH public key 時要輸入密碼。 新增 SSH public key 成功後會寄信通知。 新增「Security History」頁面可以看到帳戶的安全狀況。 算是很積極補救的作法。 另外說明,要如何 audit key,也就是要如何取得你的 public key fingerprint: ssh-keygen -lf .ssh/id_rsa.pub (如果你是用 RSA) 或是 ssh-keygen -lf…
March 8, 2012In "Computer"
對 GitHub 的 Public Key 分析
在 Hacker News Daily 上看到有人針對 GitHub 上的 Public Key 分析:「Auditing GitHub users’ SSH key quality」。 這個分析主要用的是 GitHub 的 .keys 功能取得: A little known feature of GitHub is the ability to look at the public SSH keys that other users have set to be authorised on their account (for example https://github.com/torvalds.keys)…
June 4, 2015In "Computer"
Leave a Reply
Your email address will not be published. Required fields are marked *
Comment *
Name *
Email *
Website
Notify me of follow-up comments by email.
Notify me of new posts by email.
To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Learn More)
Post navigation
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK